| 1 |
El 07/01/12 22:08, Anthony G. Basile escribió: |
| 2 |
> Hi everyone, |
| 3 |
> |
| 4 |
> A long time ago, Gentoo used to provide RSBAC sources. For those of you |
| 5 |
> unfamiliar with RSBAC = rules set based access control, it provides |
| 6 |
> hardening similar to grsec. See their web page at: |
| 7 |
> |
| 8 |
> https://www.rsbac.org |
| 9 |
> |
| 10 |
> These patches were eventually removed because of waning activity, but |
| 11 |
> recently Amon Ott and his team started working on RSBAC and there has |
| 12 |
> been renewed interest within the community. You can see their activity |
| 13 |
> on their repos: |
| 14 |
> |
| 15 |
> http://git.rsbac.org/cgi-bin/gitweb.cgi |
| 16 |
> |
| 17 |
> So, I put the rsbac admin tool and kernel sources on my overlay and |
| 18 |
> Issiah Hill started testing them. I think we've progressed to the point |
| 19 |
> where we can reintroduce those kernel sources back into the gentoo tree, |
| 20 |
> so I did. |
| 21 |
> |
| 22 |
> The new packages are |
| 23 |
> |
| 24 |
> 1) sys-kernel/rsbac-sources = vanilla linux 3.1.5 + genpatches + rsbac |
| 25 |
> patches. They do NOT at present contain the pax patches, but will in |
| 26 |
> the next rev bump. |
| 27 |
> |
| 28 |
> 2) sys-apps/rsbac-admin = the admin tool for rsbac |
| 29 |
> |
| 30 |
> At this point, everything is experimental and I would not recommend them |
| 31 |
> for a production server. But they are there now for testing and |
| 32 |
> hopefully full stabilization. I welcome feedback from both our users |
| 33 |
> and the RSBAC team. |
| 34 |
> |
| 35 |
On a side note, the old RSBAC documentation is available at |
| 36 |
http://www.gentoo.org/proj/en/hardened/rsbac/ This documentation is old |
| 37 |
and unsupported (that's why it is no longer accesible from the hardened |
| 38 |
space), but patches are welcome to get it up to date. To see the sources |
| 39 |
of the document just add ?passthru=1at the end of the URL. |
Archives